Multiple LPC and LPC Ports Vulnerabilities
Several security vulnerabilities exist in local procedure call (LPC) functionality and LPC ports of Microsoft® Windows NT® 4.0 and Windows® 2000 which allow a range of attacks, from denial of service to, in some cases, privilege elevation.
Issue
Several vulnerabilities have been identified in the Windows NT 4.0 and Windows 2000 implementations of LPC and LPC ports:
- The "Invalid LPC Request" vulnerability, which affects only Windows NT 4.0. By levying an invalid LPC request, it would be possible to make the affected system fail.
- The "LPC Memory Exhaustion" vulnerability, which affects both Windows NT 4.0 and Windows 2000. By levying spurious LPC requests, it could be possible to increase the number of queued LPC messages to the point where kernel memory was depleted.
- The "Predictable LPC Message Identifier" vulnerability, which affects both Windows NT 4.0 and Windows 2000. Any process that knows the identifier of an LPC message can access it; however, the identifiers can be predicted. In the simplest case, a malicious user could access other processes' LPC ports and feed them random data as a denial of service attack. In the worst case, it could be possible under certain conditions to send bogus requests to a privileged process in order to gain additional local privileges.
- A new variant of the previously-reported "Spoofed LPC Port Request" vulnerability. This vulnerability affects Windows NT 4.0 and Windows 2000, and could, under a very restricted set of conditions, allow a malicious user to create a process that would run under the security context of an already-running process, potentially including System processes.
Because LPC can only be used on the local machine, none of these vulnerabilities could be exploited remotely. Instead, a malicious user could only exploit them on machines that he could log onto interactively.
Affected Products
- Windows NT/2000
Solution
A software patch is available from the following locations:
- Microsoft Windows NT 4.0 Workstation, Server, and Server, Enterprise Edition:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=24650
- Microsoft Windows 2000 Professional, Server, Advanced Server, and Datacenter Server:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=24649
Further Details
Source: Microsoft Corporation
Reference: Microsoft Corporation
Updated: October 3, 2000